Question

I am setting up a VPC on Amazon AWS using Scenario 2: VPC with Public and Private Subnets.

In the "Adding Rules to the WebServerSG Security Group" section, it specifies to set an inbound SSH rule, specifying allowed sources to be: "Your network's public IP address range".

I have an elastic IP address assigned to my NAT EC2 device. When I created my public web server (in the public subnet) I also assigned a public IP address to it (as part of the wizard). This does not appear in my elastic IP list for some reason (although I believe them to be the same thing, right?). They are not contiguous addresses.

I am not sure exactly what is supposed to happen here. Am I supposed to be able to ssh into the web server in the public subnet? Why would I specify that the only source to be able to ssh into the web server is my network's public IP address range? When I set the allowable source address to either of the public IPs, my connection is refused. Am I supposed to be SSH-ing somewhere else?

Could someone please explain to me exactly how this setup is supposed to work, in terms of how I am supposed to be SSH-ing into the instances remotely?


Solution

"Your network's public IP address range" means the network where you are -- not EC2... it refers to the public IP address or range of the computer where you're sitting now, your office network, your home network, any network where your traffic will be coming from when you want to access the EC2 machines remotely to administer them.
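
As an added example (not part of the original answer): a small shell helper that turns the public address of the network you connect from into the /32 source for the WebServerSG SSH rule, and rejects private or carrier-NAT addresses that the security group would never see as a source. The function names, `sg-EXAMPLE`, and the 203.0.113.x / 198.51.100.x documentation addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the SSH source CIDR for WebServerSG from the address of
# the network you connect FROM (not the instance's public or Elastic IP).

# Print "<ip>/32" for a well-formed, non-private IPv4 address; return 1 otherwise.
ssh_source_cidr() {
    ip=$1
    # Only digits and dots, no empty fields (this also rejects "0.0.0.0/0").
    case $ip in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    # A LAN, loopback, link-local or carrier-NAT address is what your own
    # machine or router sees; EC2 only sees the address after NAT, so a rule
    # for one of these ranges would never match your SSH connection.
    if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ] ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; } ||
       { [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; }; then
        return 1
    fi
    printf '%s/32\n' "$ip"
}

# Print (do not run) the AWS CLI call that opens TCP/22 to that one address.
# $1 = security group ID (placeholder supplied by the caller), $2 = your public IP.
ssh_ingress_command() {
    cidr=$(ssh_source_cidr "$2") || return 1
    printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 22 --cidr %s\n' "$1" "$cidr"
}

# Usage from your workstation (needs network access; review the output before running it):
#   ssh_ingress_command sg-EXAMPLE "$(curl -s https://checkip.amazonaws.com)"
```

With that rule in place, you SSH from your own network to the web server's public IP address; the rule's source is your side of the connection, not the instance's.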

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow